4 results found
Make all 44 authoritative sources into optional (selectable) regulatory factors
When setting up a new assessment, only a subset of the 44 authoritative sources in the CSF today are selectable / optional regulatory factors. Instead, 44 authoritative sources should be made into optional (selectable) regulatory factors.2 votes
Add additional risk factor questions that allow for greater tailoring of requirement statements included in the scope of an assessment2 votes
in v10: No requirements should dictate scope
In the requirement, "Risk designations are assigned for all positions in the organization", a scope of the whole organization is forced through the wording. In v10, no requirements should dictate scope in and of themselves and should instead be written in such a way that they can be tested to the assessment's scope.4 votes
Provide organizations with the ability to sort controls/requirements by different options (e.g., by ISO, NIST, etc.)2 votes
- Don't see your idea?